Hi everybody,
I've got a handful of VLANs (802.1q) running over a Cisco infrastructure
and I'm trying to capture the Ethernet frames on a switch trunk port
while retaining the VLAN information contained within.
From what I can tell, in order to be able to do a port monitor on a
Catalyst switch to sniff VLAN traffic, I have to assign the monitor port
as a switchport access within a specific VLAN. I assume that when I do
it this way, the VLAN tag is being stripped off before the monitor port
hands off the packet to Wireshark. Is this correct?
Am I missing something obvious? I'd just like to be able to monitor ALL
traffic that is ingress/egress on a specific trunk port for all allowed
VLANs on that trunk, all the while retaining the VLAN information within
the frame.
Thanks for any advice.
Steve